0303fce7d675942b19c2ba3475ca2b05_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0303fce7d675942b19c2ba3475ca2b05_JaffaCakes118
Size

312KB
MD5

0303fce7d675942b19c2ba3475ca2b05
SHA1

08c78af38f5bc317e4a6972281f95653da9b3608
SHA256

243f6b1f68c5a6facab91ac00de0dd38d73a268821649850b96570aecdbcfee7
SHA512

5b0593d1ae61585505caf7e16291097da5d9f4f822a8861043ad02131c72481ef64c68b396b813ad703d142ca2bfaa61e515a76adc9964ad25e404e47a320adb
SSDEEP

3072:oqLnKNgORQsWc0+PfDEtSnN4WUR5IrCYNsG5d3drafA45Ym5v:xLO4MPfDH25o1tra4jm

Score

1^/10

Malware Config

Signatures

Files

0303fce7d675942b19c2ba3475ca2b05_JaffaCakes118
.exe windows:4 windows x86 arch:x86

25e90e4411d14c44cd4a1194a1387b99

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:b0:2f:4d:eb:0d:fc:71:33:b4:e8:7d:7f:19:dd:1a:ff:36:d5:b4
Signer

Actual PE Digest

6e:b0:2f:4d:eb:0d:fc:71:33:b4:e8:7d:7f:19:dd:1a:ff:36:d5:b4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
LCMapStringW
LCMapStringA
MultiByteToWideChar
UnhandledExceptionFilter
FreeEnvironmentStringsA
TlsAlloc
GetCurrentThreadId
IsBadWritePtr
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
WriteFile
SetFilePointer
GetCPInfo
TerminateProcess
VirtualAlloc
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
FlushFileBuffers
ReadFile
LocalFree
LocalAlloc
LoadLibraryW
GetVersion
GetCommandLineW
GetComputerNameW
ExitProcess
GetModuleHandleW
GetProcAddress
SetComputerNameW
CreateDirectoryW
lstrcpyW
SetLastError
lstrlenW
GetCurrentProcess
CloseHandle
GetLastError
FormatMessageW
ExpandEnvironmentStringsW
GetFileAttributesW
Sleep
GetLogicalDrives
GetVolumeInformationW
GetDriveTypeW
FindFirstFileW
FindNextFileW
FindClose
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VirtualFree
HeapCreate
HeapFree
HeapAlloc
ResumeThread
CreateThread
TlsSetValue
ExitThread
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
RtlUnwind
WideCharToMultiByte
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapDestroy

user32

ShowWindow
InflateRect
DialogBoxIndirectParamW
GetNextDlgGroupItem
DefWindowProcW
SetWindowTextW
CreateWindowExW
SendMessageW
MapWindowPoints
CreateDialogParamW
SetWindowPos
IsWindowEnabled
GetNextDlgTabItem
LoadIconW
RegisterClassExW
GetWindowLongW
SetWindowLongW
GetMessageW
wsprintfW
DispatchMessageW
IsDialogMessageW
PostQuitMessage
TranslateMessage
EnableWindow
GetDlgItemTextW
IsDlgButtonChecked
SetFocus
CheckDlgButton
DialogBoxParamW
EndDialog
GetParent
GetWindowRect
MoveWindow
GetDlgItem
LoadCursorW
GetSysColorBrush
GetSysColor
ChildWindowFromPoint
InvalidateRect
SetCursor
MessageBoxW
PostMessageW
SetDlgItemTextW

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetStockObject
GetObjectW
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject
GetDeviceCaps

comctl32

ord17

comdlg32

PrintDlgW

advapi32

RegOpenKeyW
RegConnectRegistryW
RegFlushKey
RegSaveKeyW
RegReplaceKeyW
FreeSid
GetLengthSid
AllocateAndInitializeSid
IsValidSid
GetSidIdentifierAuthority
InitiateSystemShutdownW
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryValueW
RegCreateKeyW
RegEnumValueW
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegLoadKeyW
RegUnLoadKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetKeySecurity
RegCloseKey
RegGetKeySecurity
GetNamedSecurityInfoW
InitializeSecurityDescriptor
GetSecurityDescriptorControl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetAclInformation
GetAce
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
GetSecurityDescriptorOwner
SetFileSecurityW
GetSecurityDescriptorGroup

shell32

CommandLineToArgvW
SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderW
ShellExecuteW

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�r�
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

25e90e4411d14c44cd4a1194a1387b99

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

6e:b0:2f:4d:eb:0d:fc:71:33:b4:e8:7d:7f:19:dd:1a:ff:36:d5:b4Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

comdlg32

advapi32

shell32

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 116KB - Virtual size: 120KB

.rsrc Size: 36KB - Virtual size: 36KB

�r� Size: 88KB - Virtual size: 88KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

6e:b0:2f:4d:eb:0d:fc:71:33:b4:e8:7d:7f:19:dd:1a:ff:36:d5:b4
Signer

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 116KB - Virtual size: 120KB

.rsrc
Size: 36KB - Virtual size: 36KB

�r�
Size: 88KB - Virtual size: 88KB